Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

BloxOne Threat Defense and Threat Intelligence

Reply

Local RPZ VS CSP

New Member
Posts: 1
1069     0

i added a suspicious domain to a local block list RPZ  on my local DNS. However, my local DNS is forwarding quries to the CSP, when i check  CSP, istill see that blocked domain in the logs, even though it's supposed to be blocked on my on-premises DNS. i am wondering why the CSP is receiving the query for that domain if it's blocked.

Re: Local RPZ VS CSP

Techie
Posts: 34
1069     0

Can you validate your RPZ setting is not in log-only mode? https://docs.infoblox.com/space/nios90/280760177/Configuring+Local+RPZs

 

Also are you using NIOS Grid Connector (NGC) to forward logs?

Showing results for 
Search instead for 
Did you mean: 

Recommended for You